Browsed by
Month: February 2025

Unmasking CDEK Delivery Scam: A Step-by-Step Investigation (English version)

Unmasking CDEK Delivery Scam: A Step-by-Step Investigation (English version)

After a colleague fell victim to the same CDEK delivery scam I investigated several years ago, I decided to translate my findings for a wider audience. Original article (in Russian) is available here. We’ve all been there: anxiously awaiting a package and then receiving a seemingly legitimate message about a delivery issue. But what if that message is a trap? Recently, I encountered a sophisticated phone phishing scam using the CDEK(popular delivery company in Belarus and Russia) name, and I…

Read More Read More

Locking Down Your Cloud: IAM Best Practices and Auditing

Locking Down Your Cloud: IAM Best Practices and Auditing

Identity and Access Management (IAM) is the gatekeeper to your cloud environment. Properly configured IAM is essential for protecting sensitive data and preventing unauthorized access. This post summarizes key IAM best practices and provides a checklist for auditing your IAM setup. IAM Best Practices: A Cross-Cloud Summary These best practices apply across major cloud providers like AWS, GCP, and Azure: Group Users: Instead of managing individual user permissions, create user groups and assign permissions to the groups. This simplifies administration…

Read More Read More